More Compliance Regulations

The need for regulation in cybersecurity has given rise, and will continue to give rise, to regulatory standards and to actions taken to uphold those standards.

EU General Data Protection Regulation (May 2018)

The new GDPR standards for processing, storing, and securing the personal data of EU citizens will have far-reaching influence and carry the threat of potentially major fines; even if you don’t work extensively within the EU, expect this move to inspire regulation elsewhere. The first few to violate the GDPR may be made into examples to deter future noncompliance.

The SEC’s Cybersecurity Division aims to provide guidance and resources for the public and private sectors, including alerts, bulletins, and analysis.

In 2017, New York became the first state to set minimum cybersecurity standards (23 NYCRR Part 500), affecting banks, insurance companies, and financial services institutions. Companies will likely still be scrambling toward compliance, and similar measures in other states may soon follow.

Takeaway: Regulation creates a pressing need for partners that understand and meet the latest rules. Align Cybersecurity™ combines expertise in technology, governance, education and technical law as an all-inclusive, end-to-end service.

The Evolution of Ransomware

Ransomware was a big subject in 2017 and will likely continue to cause problems in 2018, as new attacks surface and hackers pivot into new avenues of attack and exploitation.

Fallout from attacks like WannaCry has been enormous. It’s likely that hackers with aspirations of similar impact already have attacks in the works.

Ransomware campaigns may react to increased security by pivoting toward targeting more vulnerable individuals and businesses.

Takeaway: Major attacks are thwarted, but remain a mystery. Ransomware isn’t going away any time soon, and nimble, up-to-the-minute knowledge of the latest breaches and patches is essential.

Vulnerabilities in the Internet of Things

New devices continue to be added, but the Internet of Things remains a vulnerability, with many devices lacking basic security.

With estimates of the number of devices ranging anywhere between 24 and 50 billion by 2020, the IoT and the potential losses from its vulnerabilities will continue to rise exponentially.

Takeaway: Market pressures and rapid expansion have made the buzzy IoT a prime target. Shoring up existing security and encouraging secure behavior through training and authentication will be key to hedge funds and alternative investment firms staying ahead of the curve.

Two-Factor Authentication in the Crosshairs

The relationship between defenders and attackers continues to be an arms race of developing technology.

As demand increases for two-factor authentication in response to large data breaches, hackers will be looking to find workarounds or vulnerabilities that diminish or sidestep the security two-factor affords.

Takeaway: Two-factor is a great additional layer of data security, but should never be considered a finished, impenetrable security system. Security at any level is only as good as its ongoing maintenance and updating.

Cybersecurity impacts multiple departments in a firm; therefore, a business needs to employ a multidisciplinary approach to cyber risk management.

A comprehensive cybersecurity solution reduces the headache of working with multiple vendors and mitigates the risk associated with so many moving parts. Working with a team of subject matter experts across a variety of disciplines including education, legal, technology and security will build the diverse foundation a firm needs to protect its most critical assets today and in the future.

Takeaway: Cybersecurity is a major issue for modern businesses, and investment firms, private equity and financial institutions are prime targets. Savvy firm owners will prioritize finding the best service providers, and innovative players in the cybersecurity industry should take advantage of the opportunity.

Cryptocurrency

The surge in Bitcoin’s value has brought increased attention to cryptocurrency; this has also made cryptocurrency a target for hacking and ransomware.

Takeaway: Businesses that deal in or are related to cryptocurrency should expect the increased interest to bring more scrutiny and a greater threat to security as unsavory actors attempt to take advantage of vulnerabilities.

Nation-state Hackers and Proxy Wars

With North Korea named as a likely culprit for the WannaCry attack, hacking has moved to the international stage as governments weigh in and use cyberattacks against each other.

Tech companies may find it essential to work in between the public and private spheres as cyberattacks target private citizens and companies for public gain.

Takeaway: Cyberattacks as a means of nation-state action entangle citizens and companies regardless of their perceived involvement. Cybersecurity, and better communication about the nature and spread of breaches, will be a major topic in 2018.

Handling Data Breaches

Equifax has summarily demonstrated the wrong way to handle a data breach, delaying, misdirecting, and underscoring their own failures. Their public embarrassment will hopefully be a lesson for other companies to more gracefully handle the PR and response to a breach.

The Equifax data breach highlights the evolving threat landscape and the universal state of unpreparedness in both the corporate and personal contexts.

Now more than ever, all consumers must also evolve, and learn how to protect their personal financial information and consumer credit profiles.

Takeaway: How your company handles a data breach makes all the difference in mitigating loss—the optics can be just as important as the actual security of your data. Savvy companies will benefit from a proactive and responsible contingency plan in the event of a breach.

Endpoint Security – Patching and Application Testing

WannaCry could’ve been avoided with active patch management, but doing so remains a challenge for many organizations.

If you can’t manage endpoint security and simply leave it to chance, your organization is likely to be vulnerable to this year’s attacks.

Takeaway: In most cases, ransomware takes advantage of common vulnerabilities. Actively managing endpoint security is a simple way to mitigate massive amounts of risk to your data security.

Think Before You Click - Phishing Email Tips

As a cybersecurity best practice, Align advises you to remain vigilant and skeptical of potential email scams. You need to watch out for the following things:

Phishing emails that claim to be from your financial institution, social media accounts and the like, where you can check if your data was compromised.

Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information.

Calls from scammers that claim they are from your bank or credit union.

Fraudulent charges on any credit card because your identity was stolen.

Emails claiming that your account has been suspended. If you want to change the settings of subscription services, never click on a link in an unverified email claiming it’s from an organization you have an account with. Instead, type the website name in your browser, log in to your account the standard way and check for any messages there.
